Lucene search
K

6534 matches found

Zero Day Initiative
Zero Day Initiative
added 2025/12/17 12:0 a.m.3 views

GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNM files. The...

7.8CVSS7.4AI score0.00508EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/12/17 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68252

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - misc: fastrpc: Fix dmabuf object leak in fastrpcmaplookup In fastrpcmaplookup, dmabufget is called to obtain a reference to the dmabuf for comparison purposes...

5.4AI score0.00171EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/12/16 10:32 p.m.10 views

@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint

Summary The /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sending a crafted HTTP request with a file:// URL in the filename query parameter. Severity:...

7.5CVSS6.6AI score0.00552EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/12/16 7:16 p.m.6 views

CVE-2025-68155

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Prior to version 0.5.8, the /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...

7.5CVSS0.00552EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/16 6:31 p.m.4 views

EUVD-2025-203797

In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUGON with bounds check for map-maxosd OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map-maxosd. idryomov: drop BUGON in cephgetprimaryaffinity, minor cosmet...

6AI score0.00168EPSS
Exploits0References6
OSV
OSV
added 2025/12/16 6:20 p.m.6 views

CVE-2025-68155 @vitejs/plugin-rsc has Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint on Development

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Prior to version 0.5.8, the /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...

7.5CVSS6.9AI score0.00552EPSS
Exploits0References6
CVE
CVE
added 2025/12/16 6:20 p.m.22 views

CVE-2025-68155

The CVE concerns @vitejs/plugin-rsc (used with Vite) in development mode. Prior to version 0.5.8, the endpoint /__vite_rsc_findSourceMapURL accepts a file:// URL in the filename query parameter, converts it to a filesystem path, and reads the target file without validating its location, returning...

7.5CVSS6.6AI score0.00552EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/16 6:20 p.m.4 views

CVE-2025-68155 @vitejs/plugin-rsc has Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint on Development

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Prior to version 0.5.8, the /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...

7.5CVSS6.6AI score0.00552EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/16 6:20 p.m.33 views

CVE-2025-68155 @vitejs/plugin-rsc has Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint on Development

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Prior to version 0.5.8, the /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...

7.5CVSS0.00552EPSS
Exploits0References4
NVD
NVD
added 2025/12/16 4:16 p.m.4 views

CVE-2025-68283

In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUGON with bounds check for map-maxosd OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map-maxosd. idryomov: drop BUGON in cephgetprimaryaffinity, minor cosmet...

0.00168EPSS
Exploits0References5
OSV
OSV
added 2025/12/16 4:16 p.m.6 views

AZL-72610 CVE-2025-68283 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUGON with bounds check for map-maxosd OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map-maxosd. idryomov: drop BUGON in cephgetprimaryaffinity, minor cosmet...

5.8AI score0.00168EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/12/16 4:16 p.m.2 views

CVE-2025-68285

In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in havemonandosdmap The wait loop in cephopensession can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both cephmonchandlemap and handleonem...

5.9AI score0.00173EPSS
Exploits0References35
OSV
OSV
added 2025/12/16 4:16 p.m.4 views

UBUNTU-CVE-2025-68285

In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in havemonandosdmap The wait loop in cephopensession can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both cephmonchandlemap and handleonem...

5.9AI score0.00173EPSS
Exploits0References36
EUVD
EUVD
added 2025/12/16 3:30 p.m.6 views

EUVD-2025-203644

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix dmabuf object leak in fastrpcmaplookup In fastrpcmaplookup, dmabufget is called to obtain a reference to the dmabuf for comparison purposes. However, this reference is never released when the function returns,...

5.9AI score0.00171EPSS
Exploits0References6
EUVD
EUVD
added 2025/12/16 3:30 p.m.3 views

EUVD-2025-203684

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized 'offp' in statmountstring In statmountstring, most flags assign an output offset pointer offp which is later updated with the string offset. However, the STATMOUNTMNTUIDMAP and STATMOUNTMNTGIDMAP cases...

5.9AI score0.00155EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/12/16 3:15 p.m.3 views

CVE-2025-68252

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix dmabuf object leak in fastrpcmaplookup In fastrpcmaplookup, dmabufget is called to obtain a reference to the dmabuf for comparison purposes. However, this reference is never released when the function returns,...

5.7AI score0.00171EPSS
Exploits0References7
OSV
OSV
added 2025/12/16 3:15 p.m.2 views

UBUNTU-CVE-2025-68252

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix dmabuf object leak in fastrpcmaplookup In fastrpcmaplookup, dmabufget is called to obtain a reference to the dmabuf for comparison purposes. However, this reference is never released when the function returns,...

5.7AI score0.00171EPSS
Exploits0References8
CVE
CVE
added 2025/12/16 3:6 p.m.20 views

CVE-2025-68283

In CVE-2025-68283, the Linux kernel fixes a vulnerability in libceph where OSD indexes originate from untrusted network packets. The root cause was a BUG_ON check on map->max_osd; the patch replaces this with explicit boundary checks to validate against map->max_osd, preventing out-of-bound...

6.2AI score0.00168EPSS
Exploits0References5
OSV
OSV
added 2025/12/16 3:6 p.m.7 views

CVE-2025-68283 libceph: replace BUG_ON with bounds check for map->max_osd

In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUGON with bounds check for map-maxosd OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map-maxosd. idryomov: drop BUGON in cephgetprimaryaffinity, minor cosmet...

6.4AI score0.00168EPSS
Exploits0References8
CVE
CVE
added 2025/12/16 2:45 p.m.14 views

CVE-2025-68261

CVE-2025-68261 concerns a race in ext4 where inline data destruction (ext4_destroy_inline_data_nolock) and block mapping (ext4_map_blocks) can concurrently modify inode layout, causing a state where EXT4_INODE_EXTENTS flag is observed incorrectly and triggers a kernel BUG in fs/ext4/indirect.c (l...

6.1AI score0.0018EPSS
Exploits0References8
Rows per page
Query Builder